| ; RUN: opt < %s -msan-check-access-address=0 -S -passes=msan 2>&1 | FileCheck \ |
| ; RUN: %s "--check-prefixes=CHECK,INLINE" |
| ; RUN: opt < %s -msan -msan-check-access-address=0 -S | FileCheck %s --check-prefixes=CHECK,INLINE |
| ; RUN: opt < %s -msan-check-access-address=0 -msan-poison-stack-with-call=1 -S \ |
| ; RUN: -passes=msan 2>&1 | FileCheck %s "--check-prefixes=CHECK,CALL" |
| ; RUN: opt < %s -msan -msan-check-access-address=0 -msan-poison-stack-with-call=1 -S | FileCheck %s --check-prefixes=CHECK,CALL |
| ; RUN: opt < %s -msan-check-access-address=0 -msan-track-origins=1 -S \ |
| ; RUN: -passes=msan 2>&1 | FileCheck %s "--check-prefixes=CHECK,ORIGIN" |
| ; RUN: opt < %s -msan -msan-check-access-address=0 -msan-track-origins=1 -S | FileCheck %s --check-prefixes=CHECK,ORIGIN |
| ; RUN: opt < %s -msan-check-access-address=0 -msan-track-origins=2 -S \ |
| ; RUN: -passes=msan 2>&1 | FileCheck %s "--check-prefixes=CHECK,ORIGIN" |
| ; RUN: opt < %s -msan -msan-check-access-address=0 -msan-track-origins=2 -S | FileCheck %s --check-prefixes=CHECK,ORIGIN |
| ; RUN: opt < %s -S -passes="msan<kernel>" 2>&1 | FileCheck %s \ |
| ; RUN: "--check-prefixes=CHECK,KMSAN" |
| ; RUN: opt < %s -msan-kernel=1 -S -passes=msan 2>&1 | FileCheck %s \ |
| ; RUN: "--check-prefixes=CHECK,KMSAN" |
| ; RUN: opt < %s -msan -msan-kernel=1 -S | FileCheck %s --check-prefixes=CHECK,KMSAN |
| |
| target datalayout = "e-p:64:64:64-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:64:64-f32:32:32-f64:64:64-v64:64:64-v128:128:128-a0:0:64-s0:64:64-f80:128:128-n8:16:32:64-S128" |
| target triple = "x86_64-unknown-linux-gnu" |
| |
| define void @static() sanitize_memory { |
| entry: |
| %x = alloca i32, align 4 |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @static( |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: ret void |
| |
| |
| define void @dynamic() sanitize_memory { |
| entry: |
| br label %l |
| l: |
| %x = alloca i32, align 4 |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @dynamic( |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: ret void |
| |
| define void @array() sanitize_memory { |
| entry: |
| %x = alloca i32, i64 5, align 4 |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @array( |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 20, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 20) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 20, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 20, |
| ; CHECK: ret void |
| |
| define void @array_non_const(i64 %cnt) sanitize_memory { |
| entry: |
| %x = alloca i32, i64 %cnt, align 4 |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @array_non_const( |
| ; CHECK: %[[A:.*]] = mul i64 4, %cnt |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 %[[A]], i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 %[[A]]) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 %[[A]], |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 %[[A]], |
| ; CHECK: ret void |
| |
| ; Check that the local is unpoisoned in the absence of sanitize_memory |
| define void @unpoison_local() { |
| entry: |
| %x = alloca i32, i64 5, align 4 |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @unpoison_local( |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 0, i64 20, i1 false) |
| ; CALL: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 0, i64 20, i1 false) |
| ; ORIGIN-NOT: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 20, |
| ; KMSAN: call void @__msan_unpoison_alloca(i8* {{.*}}, i64 20) |
| ; CHECK: ret void |
| |
| ; Check that every llvm.lifetime.start() causes poisoning of locals. |
| define void @lifetime_start() sanitize_memory { |
| entry: |
| %x = alloca i32, align 4 |
| %c = bitcast i32* %x to i8* |
| br label %another_bb |
| |
| another_bb: |
| call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %c) |
| store i32 7, i32* %x |
| call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %c) |
| call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %c) |
| store i32 8, i32* %x |
| call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %c) |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @lifetime_start( |
| ; CHECK-LABEL: entry: |
| ; CHECK: %x = alloca i32 |
| ; CHECK-LABEL: another_bb: |
| |
| ; CHECK: call void @llvm.lifetime.start |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| |
| ; CHECK: call void @llvm.lifetime.start |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: ret void |
| |
| ; Make sure variable-length arrays are handled correctly. |
| define void @lifetime_start_var(i64 %cnt) sanitize_memory { |
| entry: |
| %x = alloca i32, i64 %cnt, align 4 |
| %c = bitcast i32* %x to i8* |
| call void @llvm.lifetime.start.p0i8(i64 -1, i8* nonnull %c) |
| call void @llvm.lifetime.end.p0i8(i64 -1, i8* nonnull %c) |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @lifetime_start_var( |
| ; CHECK-LABEL: entry: |
| ; CHECK: %x = alloca i32, i64 %cnt |
| ; CHECK: call void @llvm.lifetime.start |
| ; CHECK: %[[A:.*]] = mul i64 4, %cnt |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 %[[A]], i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 %[[A]]) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 %[[A]], |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 %[[A]], |
| ; CHECK: call void @llvm.lifetime.end |
| ; CHECK: ret void |
| |
| |
| ; If we can't trace one of the lifetime markers to a single alloca, fall back |
| ; to poisoning allocas at the beginning of the function. |
| ; Each alloca must be poisoned only once. |
| define void @lifetime_no_alloca(i8 %v) sanitize_memory { |
| entry: |
| %x = alloca i32, align 4 |
| %y = alloca i32, align 4 |
| %z = alloca i32, align 4 |
| %cx = bitcast i32* %x to i8* |
| %cy = bitcast i32* %y to i8* |
| %cz = bitcast i32* %z to i8* |
| %tobool = icmp eq i8 %v, 0 |
| %xy = select i1 %tobool, i32* %x, i32* %y |
| %cxcy = select i1 %tobool, i8* %cx, i8* %cy |
| br label %another_bb |
| |
| another_bb: |
| call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %cz) |
| store i32 7, i32* %z |
| call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %cz) |
| call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %cz) |
| store i32 7, i32* %z |
| call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %cz) |
| call void @llvm.lifetime.start.p0i8(i64 4, i8* nonnull %cxcy) |
| store i32 8, i32* %xy |
| call void @llvm.lifetime.end.p0i8(i64 4, i8* nonnull %cxcy) |
| ret void |
| } |
| |
| ; CHECK-LABEL: define void @lifetime_no_alloca( |
| ; CHECK-LABEL: entry: |
| ; CHECK: %x = alloca i32 |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: %y = alloca i32 |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: %z = alloca i32 |
| ; INLINE: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| |
| ; There're two lifetime intrinsics for %z, but we must instrument it only once. |
| ; INLINE-NOT: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL-NOT: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN-NOT: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN-NOT: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK-LABEL: another_bb: |
| |
| ; CHECK: call void @llvm.lifetime.start |
| ; INLINE-NOT: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL-NOT: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN-NOT: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN-NOT: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: call void @llvm.lifetime.end |
| ; CHECK: call void @llvm.lifetime.start |
| ; INLINE-NOT: call void @llvm.memset.p0i8.i64(i8* align 4 {{.*}}, i8 -1, i64 4, i1 false) |
| ; CALL-NOT: call void @__msan_poison_stack(i8* {{.*}}, i64 4) |
| ; ORIGIN-NOT: call void @__msan_set_alloca_origin4(i8* {{.*}}, i64 4, |
| ; KMSAN-NOT: call void @__msan_poison_alloca(i8* {{.*}}, i64 4, |
| ; CHECK: call void @llvm.lifetime.end |
| |
| |
| |
| declare void @llvm.lifetime.start.p0i8(i64 immarg, i8* nocapture) |
| declare void @llvm.lifetime.end.p0i8(i64 immarg, i8* nocapture) |